13273 matches found

OpenVAS
added 2024/03/04 12:0 a.m. | 20 views

openSUSE: Security Advisory for postgresql, postgresql15, postgresql16 (SUSE-SU-2023:4495-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 7.5 | EPSS 0.04322
Exploits: 0 | References: 2
Github Security Blog
added 2024/03/01 8:8 p.m. | 26 views

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...

CVSS 10 | AI score 8.1 | EPSS 0.0103
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2024/03/01 8:8 p.m. | 17 views

GHSA-6927-3VR9-FXF2 ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...

CVSS 10 | AI score 9.7 | EPSS 0.0103
Exploits: 0 | References: 7
NVD
added 2024/03/01 6:15 p.m. | 21 views

CVE-2024-27298

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

CVSS 10 | AI score 9.8 | EPSS 0.0103
Exploits: 0 | References: 5
Prion
added 2024/03/01 6:15 p.m. | 13 views

SQL injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

CVSS 6.4 | AI score 8.4 | EPSS 0.0103
Exploits: 0 | References: 5
Cvelist
added 2024/03/01 5:48 p.m. | 24 views

CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

CVSS 10 | AI score 10 | EPSS 0.0103
Exploits: 0 | References: 5
OSV
added 2024/03/01 5:48 p.m. | 24 views

CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...

CVSS 10 | AI score 8.8 | EPSS 0.0103
Exploits: 0 | References: 7
CVE
added 2024/03/01 5:48 p.m. | 100 views

CVE-2024-27298

CVE-2024-27298 affects parse-server (Parse Server for Node.js/Express) when configured with PostgreSQL. The underlying issue is a SQL injection in the server’s PostgreSQL handling. The vulnerability has been fixed in versions 6.5.0 and 7.0.0-alpha.20. Affected products/versions per sources includ...

CVSS 10 | AI score 9.8 | EPSS 0.0103
Exploits: 0 | References: 5 | Affected Software: 1
Ivanti
added 2024/03/01 9:41 a.m. | 10 views

[CVE-2024-1597] PostgreSQL - Mobileiron line products (Ivanti EPMM Reporting DB, Ivanti N-MDM/Cloud)

Last Modified Date Mar 8, 2024 9:01:56 PM...

CVSS 10 | AI score 7.6 | EPSS 0.0481
Exploits: 0
SUSE CVE
added 2024/03/01 3:47 a.m. | 1 views

SUSE CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVSS 9.8 | AI score 8.6 | EPSS 0.0481
Exploits: 0 | References: 6
Positive Technologies
added 2024/03/01 12:0 a.m. | 2 views

PT-2024-21803

Name of the Vulnerable Software and Affected Versions parse-server versions prior to 6.5.0 parse-server versions prior to 7.0.0-alpha.20 Description This issue allows SQL injection when parse-server is configured to use the PostgreSQL database. A remote attacker could send specially-crafted SQL...

CVSS 10 | AI score 9 | EPSS 0.0103
Exploits: 0 | References: 17
Tenable Nessus
added 2024/02/29 12:0 a.m. | 28 views

CentOS 9 : postgresql-jdbc-42.2.27-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the postgresql-jdbc-42.2.27-1.el9 build changelog. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint,...

CVSS 5.5 | AI score 6.3 | EPSS 0.00491
Exploits: 1 | References: 2
Tenable Nessus
added 2024/02/29 12:0 a.m. | 25 views

CentOS 9 : postgresql-jdbc-42.2.18-6.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the postgresql-jdbc-42.2.18-6.el9 build changelog. - PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Ja...

CVSS 8 | AI score 7 | EPSS 0.01662
Exploits: 1 | References: 2
Tenable Nessus
added 2024/02/29 12:0 a.m. | 95 views

CentOS 9 : postgresql-13.7-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the postgresql-13.7-1.el9 build changelog. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's...

CVSS 8.8 | AI score 7.7 | EPSS 0.11726
Exploits: 0 | References: 2
RedHat Linux
added 2024/02/28 11:54 a.m. | 1 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

CVSS 8 | AI score 7.5 | EPSS 0.01465
Exploits: 0 | References: 4
RedHat Linux
added 2024/02/28 11:54 a.m. | 21 views

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

CVSS 8 | AI score 7.3 | EPSS 0.01465
Exploits: 0 | References: 2
RedhatCVE
added 2024/02/28 8:10 a.m. | 68 views

CVE-2024-1597

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value. Mitigation Do not use the connection...

CVSS 10 | AI score 9.8 | EPSS 0.0481
Exploits: 0 | References: 6
Oracle linux
added 2024/02/28 12:0 a.m. | 43 views

postgresql:10 security update

10.23-4.0.1 - Resolves: CVE-2024-0985...

CVSS 8 | AI score 7.3 | EPSS 0.01465
Exploits: 0
Tenable Nessus
added 2024/02/28 12:0 a.m. | 18 views

Oracle Linux 8 : postgresql:12 (ELSA-2024-0974)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0974 advisory. pgaudit 1.4.0-7 - Release bump to avoid regression in nvrs - Resolves: RHEL-24969 pgrepack postgres-decoderbufs postgresql 12.18-1.0.1 - Update to version 12.18...

CVSS 8 | AI score 7.3 | EPSS 0.01465
Exploits: 0 | References: 2
Tenable Nessus
added 2024/02/28 12:0 a.m. | 28 views

AlmaLinux 9 : postgresql (ALSA-2024:0951)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0951 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. Th...

CVSS 8 | AI score 7.9 | EPSS 0.01465
Exploits: 0 | References: 2